The ability to generate truly unpredictable numbers is critical for many security-related applications, including digital signatures, encryption, virtual private networks, and electronic commerce. Typically, to generate an unpredictable number, a processing device uses a random number generator. In operation, a seed is generated and input into the random number generator, which performs one or more transformational operations on the seed and outputs a random number. In normal operation, the uniqueness of the generator's output therefore depends on the uniqueness of the seed supplied to it.
Generating the seed for a random number generator can be difficult because computing devices are designed to be predictable. In operation, computing devices do not provide an easy way to obtain entropy, i.e., unknown input variables, for use in generating an unpredictable and random seed. Devices with limited processing capabilities, such as hand-held mobile devices, may not have inherent random entropy that can be used to seed a random number generator that is used, for example, to generate cryptographic keys (such as session keys and RSA public/private key pairs). As such, keys generated by mobile devices may be predictable if the means of generating the random number generator seed is known. For example, if a third party knows which specific algorithm or type of algorithm is used to generate the seed, and which specific random number generation technique is used, the third party can accurately reproduce both the seeds and the generated random numbers, thereby compromising the security of the mobile device.
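As an added illustration of the seed dependence described above (example code, not part of this patent document), the following Python uses the standard library's Mersenne Twister as a stand-in for any known deterministic generator, a wall-clock value as a stand-in for a predictable seed derivation, and the operating system's entropy pool as the contrasting seed source; the timestamp is a constructed value.

```python
import random
import secrets


def predictable_seed(epoch_seconds: int) -> int:
    # Low-entropy seed taken only from the wall clock (the flawed approach the
    # text warns about): anyone who knows this derivation rule and roughly when
    # the key was made can reconstruct the seed.
    return epoch_seconds


def entropy_seed() -> int:
    # Seed drawn from the operating system's entropy pool via the secrets module.
    return secrets.randbits(256)


def derive_key(seed: int, bits: int = 128) -> int:
    # Deterministic generator (Mersenne Twister here, standing in for any known
    # algorithm): the same seed always yields the same key material.
    return random.Random(seed).getrandbits(bits)


def keys_collide(seed_fn, *args) -> bool:
    # Defender's check: seed twice, independently, as two separate devices
    # would, and report whether they produced identical key material.
    # A True result means the seed source, not the generator, is the weakness.
    return derive_key(seed_fn(*args)) == derive_key(seed_fn(*args))


if __name__ == "__main__":
    # Constructed timestamp standing in for "the moment the key was generated".
    ts = 1_700_000_000
    print("clock-seeded keys collide:", keys_collide(predictable_seed, ts))
    print("entropy-seeded keys collide:", keys_collide(entropy_seed))
```

With the same clock value the two "devices" derive identical keys, while entropy-seeded runs differ, which is exactly why a known seed derivation lets a third party reproduce the generator's output.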
One proposed solution to this problem is for a manufacturer to build support for seed generation directly into a central processing unit (CPU) chip at the hardware level. During operation of a particular application, if the application calls for random number generation, the CPU can quickly generate a seed for a random number generator internally, without any extra software calls or accesses. However, one problem with this approach is that parties other than the manufacturer cannot verify that the seed generation operates as the manufacturer claims. If the seed generation contains a security hole or flaw, it could be exploited without the user's knowledge, allowing a party to reproduce the output of the random number generator by copying the generated seed.
This patent document describes methods and systems that are directed to addressing the issues described above.